Federal CIO Q&A: Security, Sequestration And More

InformationWeek Government: You and others have said that once FedRAMP is operating, we might see it expanding beyond cloud computing.

VanRoekel: We're definitely looking at that. I think mobile would be the first thing in that space. Pre-authorizing the risk and management of these programs is proving to be not only really cost effective, but being able to preclear a bunch of stuff once and then scale that across the federal government is proving very fruitful. One of my fears with mobile is that our security checks don't keep up with the pace of technology. We've got a new device coming out more than once every six months. The way we could keep up is do that from a more central standpoint, as new devices come in, authorize them. Once a central agency or host agency does that, they can say, 'This is trusted across the federal government.'

InformationWeek Government: This interview comes before the release of the federal budget. Can you give us a sense of the broad outlook for federal IT spending going forward?

VanRoekel: I can't quote any numbers or say anything specific, but the spirit is really around my budget guidance. To some extent, we're still at a point where IT is viewed as a discretionary thing. The President doesn't share this view, I don't, Todd Park doesn't, and I'm sure you don't share it. The private sector went through this inflection five to 12 years ago, depending on the industry, where IT moved from just this ability to do file and print and move emails around to this strategic asset to do business. It became the way we connect to customers better, build solutions better, control inventory, market our products.

In government, we're still in the midst of this. IT is this discretionary thing. We've been promoting the notion that IT gives you a 'lever up' ability. It gives you efficiency. You can do things better, faster and cheaper if you deploy IT in a smarter way.

If you go back to look at the history books, over half of the Fortune 500 companies were started in difficult economic times. You trace that back to what was going on at that time, IBM, P&G, Microsoft in a recession in the 70s, and it was always some inflection in technology that allowed them to catapult forward. I think our time is now to look at that [and ask] how do we drive innovation both inside and outside of government, to create that next Fortune 500 company, to foster that next wave of innovation in this country.

The spirit of our budget guidance really follows that. On a flat or declining budget, we need to find ways to save money. We need to steal from the cap-ex column to give to the op-ex column to drive innovation. If we just sit on our hands and do less with less instead of do more with less, we wouldn't make the progress we want to make.

InformationWeek Government: We're getting closer to the deadline on sequestration. Agencies have obviously started planning for that, regardless of what's going to happen.

VanRoekel: We're working with agencies on planning and thinking about what they do. The interesting thing from my vantage point is that while you have IT and the budget is out there, it's never just a standalone line item. It's part of almost everything we do, so as programs get considered for cuts, it's a part of all those things. It isn't just a specific tactic, like we need to go and cut here.

The general fear I have is that, by cutting technology or the IT budget, it's going to put us into situations where we stagnate progress or delivery of these things. I would worry that efforts would stall -- we heard that the VA and DOD's medical records effort is going to be stalled in a sequestration scenario -- so it puts us on our heels from a forward progress standpoint.

The other place it puts us on our heels is cybersecurity. Cybersecurity is such an evolving threat that we have to be ever-vigilant, proactive, investing dollars and engaging smart contractors to help us think about how do we really lean forward on this stuff. Sequestration could create scenarios where we bring it down to where we were without forward progress. In the case of being on your heels, being reactive, you could create a scenario where it's not where we need to be.